Discuss this help topic in SecureBlackbox Forum

Authenticate with a key stored on the hardware device

Authenticating with a key that resides on a hardware token is no different from authenticating with a generic file-based private key. See the "Authenticate with a key" article for general guidance on setting up public key SSH authentication with SecureBlackbox.

To authenticate with a key residing on a PKCS#11 device, the only difference is how you load your key. You load PKCS#11 keys via a TElSSHPKCS11KeyStorage component.

  1. Create a TElSSHPKCS11KeyStorage object
  2. Create a dedicated cryptoprovider for it
  3. Set DLLName to point to your PKCS#11 driver
  4. Open the storage, find the slot, open the session and optionally sign in
  5. Browse for the needed key
  6. Now add the key to the memory key storage and follow steps 3-5 of the general public key authentication steps as explained in the referenced article.

Example:

C#:


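// Create a TElSSHPKCS11KeyStorage object
TElSSHPKCS11KeyStorage storage = new TElSSHPKCS11KeyStorage();

// Create a dedicated cryptoprovider for it
TElPKCS11CryptoProvider prov = new TElPKCS11CryptoProvider();
storage.CryptoProvider = prov;

// Set DLLName to point to your PKCS#11 driver.
// The verbatim string (@"...") keeps the backslashes literal; without it the path does not compile.
storage.DLLName = @"C:\Windows\System32\pkcs11driver.dll";

// Open the storage, find the slot, open the session and optionally sign in.
// "12345" is a sample PIN; supply the real PIN at run time rather than keeping it in source.
int slotIndex = 0; // example value: index of the slot that holds your token
storage.Open();
TElPKCS11SessionInfo session = storage.OpenSession(slotIndex, true);
session.Login(SBPKCS11Base.Unit.utUser, "12345");

// Browse for the needed key
int keyIndex = 0; // example value: index of the key within the storage
TElSSHKey key = storage.get_Keys(keyIndex);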
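
The example above hard-codes both the driver path and the PIN. As an added illustration (not part of the original article or of SecureBlackbox), the helper below validates the path before it is assigned to DLLName and reads the PIN at run time without echoing it; the class and method names are hypothetical and only .NET base-class calls are used.

```csharp
using System;
using System.IO;
using System.Text;

// Hypothetical helper: supplies the two inputs the article's example hard-codes.
static class TokenLoginInput
{
    // Accepts only an absolute, already-normalized path to an existing file,
    // so the PKCS#11 module is never resolved through the DLL search path.
    public static string ResolveDriverPath(string configuredPath)
    {
        if (string.IsNullOrWhiteSpace(configuredPath))
            throw new ArgumentException("PKCS#11 driver path is empty.");
        string full = Path.GetFullPath(configuredPath);
        if (!string.Equals(full, configuredPath, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("PKCS#11 driver path must be absolute and normalized.");
        if (!File.Exists(full))
            throw new FileNotFoundException("PKCS#11 driver not found.", full);
        return full;
    }

    // Reads the PIN from the console without echo. An empty PIN is rejected
    // before login, since tokens commonly lock after a few failed attempts.
    public static string ReadPin(string prompt)
    {
        Console.Write(prompt);
        var pin = new StringBuilder();
        while (true)
        {
            ConsoleKeyInfo k = Console.ReadKey(intercept: true);
            if (k.Key == ConsoleKey.Enter) break;
            if (k.Key == ConsoleKey.Backspace)
            {
                if (pin.Length > 0) pin.Length--;
            }
            else if (!char.IsControl(k.KeyChar))
                pin.Append(k.KeyChar);
        }
        Console.WriteLine();
        if (pin.Length == 0)
            throw new InvalidOperationException("Empty PIN; not attempting login.");
        return pin.ToString();
    }
}

// Usage with the calls from the article's example:
//   storage.DLLName = TokenLoginInput.ResolveDriverPath(@"C:\Windows\System32\pkcs11driver.dll");
//   session.Login(SBPKCS11Base.Unit.utUser, TokenLoginInput.ReadPin("Token PIN: "));
```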
